C# Code · Functional Info

Dynamics CRM 365 Check Record Privilege specific access rights for a User/Team Programatically

Today for one of the business requirement, I was looking for a custom code to check whether User/Team has a particular access rights on CRM record.

I checked MSDN doc and found out we have RetrievePrincipalAccessRequest request which can be used to check priviledge. It accepts two parameters which is CRM record entity reference and User/team entity reference.

Below generic code can be used for any records in CRM and it will check for User/team

public bool CheckRecordPrivilege(IOrganizationService service, EntityReference erfPrincipal, EntityReference erfRecord, AccessRights accessType)
                if (erfPrincipal != null && erfRecord != null)
                    if (erfPrincipal.LogicalName != SystemUser.EntityLogicalName && erfPrincipal.LogicalName != Team.EntityLogicalName)
                        return false;
                        var principalAccessReq = new RetrievePrincipalAccessRequest
                            Principal = erfPrincipal,
                            Target = erfRecord
                        var principalAccessRes = (RetrievePrincipalAccessResponse)service.Execute(principalAccessReq);
                        if (principalAccessRes != null && principalAccessRes.AccessRights.ToString() != String.Empty)
                            if ((principalAccessRes.AccessRights & accessType) == accessType)
                                return true;
            catch (Exception ex)
                throw ex;
            return false;

key points –

  1. Pass any CRM record entity reference which you want to check access rights “new EntityReference(“lead”,”RECORD GUID”)” as 3rd parameter to function
  2. Pass User/Team entity reference you want to check access rights for “new EntityReference(“systemuser/team”,”User/Team GUID”)”
  3. Pass specific access rights as last parameter. Please find below list of Access rights provided by CRM system

Members define the discrete options for the enumeration type.

Name Value Description
None 0 No access.
ReadAccess 1 The right to read the specified type of record.
WriteAccess 2 The right to update the specified record.
AppendAccess 4 The right to append the specified record to another object.
AppendToAccess 16 The right to append another record to the specified object.
CreateAccess 32 The right to create a record.
DeleteAccess 65536 The right to delete the specified record.
ShareAccess 262144 The right to share the specified record.
AssignAccess 524288 The right to assign the specified record to another user or team.

Hope this helps!


One thought on “Dynamics CRM 365 Check Record Privilege specific access rights for a User/Team Programatically

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s